4a8eff75d0656c0ec83dcfd44899d23e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a8eff75d0656c0ec83dcfd44899d23e_JaffaCakes118
Size

529KB
MD5

4a8eff75d0656c0ec83dcfd44899d23e
SHA1

3144034067ba43b34240ed2a281423e5bbb52cef
SHA256

2ac53a17f7380a31442b4cd42e2c131792772fc91421bbbccafefa625557318d
SHA512

94c3b00935ad8efd5595e714f60b13e89d3c6872da7b34b3479a7ff57a9db7b1e42ae454f30fe1ce164d75b48f7b6a65c12ac8d9fe8d20cadb867c4ff81514e3
SSDEEP

12288:mZAFtw6QknVAs/ZHtN/JZS/pjUM+/gKDIUD6T9/:1+dYxNNm/qaUD6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a8eff75d0656c0ec83dcfd44899d23e_JaffaCakes118

Files

4a8eff75d0656c0ec83dcfd44899d23e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac3864e8bc1d090eee247d57cf3907f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\blaooue.pdb

Imports

kernel32

CompareStringW
GetStringTypeW
GetStartupInfoW
MultiByteToWideChar
SetHandleCount
CreateMutexA
EnumSystemLocalesA
IsValidLocale
GetStdHandle
TlsFree
RemoveDirectoryW
GetCommandLineA
GetTickCount
GetACP
VirtualQuery
GetProcAddress
GetVersionExA
SetFilePointer
TlsGetValue
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapReAlloc
DeleteCriticalSection
VirtualAlloc
LoadLibraryA
EnterCriticalSection
GetFileType
TlsAlloc
HeapFree
TlsSetValue
GetCPInfo
InterlockedExchange
CompareStringA
RtlUnwind
SetLastError
CloseHandle
ReadFile
GetLastError
ExitProcess
GetCurrentThread
GetEnvironmentStringsW
HeapSize
SetStdHandle
GetModuleHandleA
VirtualProtect
HeapCreate
GetCurrentProcessId
GetEnvironmentStrings
GetLocaleInfoW
WideCharToMultiByte
QueryPerformanceCounter
IsValidCodePage
HeapAlloc
GetModuleFileNameA
VirtualFree
TerminateProcess
GetUserDefaultLCID
GetModuleFileNameW
SetEnvironmentVariableA
WriteFile
LeaveCriticalSection
FreeEnvironmentStringsA
GetTimeFormatA
LCMapStringW
IsBadWritePtr
FlushFileBuffers
GetStringTypeA
LCMapStringA
FreeEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetStartupInfoA
HeapDestroy
InitializeCriticalSection
GetTimeZoneInformation
OpenMutexA
GetDateFormatA
GetSystemInfo

comctl32

InitCommonControlsEx

user32

MessageBoxW
RegisterClassA
VkKeyScanExA
RegisterClassExA
GetKeyboardState
ShowWindow
CreateWindowExW
CreateIconIndirect

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac3864e8bc1d090eee247d57cf3907f4

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

Sections

.text Size: 331KB - Virtual size: 331KB

.rdata Size: 67KB - Virtual size: 84KB

.data Size: 114KB - Virtual size: 114KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 331KB - Virtual size: 331KB

.rdata
Size: 67KB - Virtual size: 84KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 15KB - Virtual size: 14KB